Ian Royall reports: Port Phillip Council has admitted a major privacy leak after exposing up to 700 ratepayers’ email addresses in a newsletter to residents about changes in Acland St in St Kilda. The data blunder was realised soon after the leak occurred last Friday but council only owned up five days later, notifying residents…
Category: Exposure
Thousands of Security Firm Job Applications Citing Top Secret US Government Work Exposed on Misconfigured Amazon Server
Dell Cameron reports: Thousands of files containing the personal information and expertise of Americans with classified and up to Top Secret security clearances have been exposed by an unsecured Amazon server, potentially for most of the year. The files have been traced back to TigerSwan, a North Carolina-based private security firm. But in a statement…
BroadSoft Inc. left millions of partners’ customer data records exposed
Bob Diachenko of Kromtech Security reports: One of the top companies that provides cloud-based unified communications has just leaked more than 600GB of sensitive files online. The Kromtech Security Center has discovered not just one but two cloud-based file repositories (AWS S3 buckets with public access) that appear to be connected to the global communication…
Yet another breach due to envelope windows?! CVS Caremark exposes patients’ HIV status in mailings
I can almost hear Yogi Berra saying, “It’s deja vu all over again.” Lou Chibbaro Jr. reports: CVS Caremark, a division of the CVS pharmacy and healthcare company, abruptly discontinued a mailing last week to patients in Ohio receiving HIV-related medication from the company after it learned that a reference to “HIV” appeared above the…
UK: Nottinghamshire County Council fined £70,000 for data protection breach
From the Information Commissioner’s Office: A council has been fined £70,000 by the Information Commissioner’s Office (ICO) for leaving vulnerable people’s personal information exposed online for five years. The Data Protection Act requires organisations to take appropriate measures to keep personal data secure, especially when dealing with sensitive information. But Nottinghamshire County Council posted the…
Personal info, Social Security numbers for lacrosse players posted on MLL website
WHEC reports: Major League Lacrosse is investigating a massive data leak that exposed every individual player’s personal information. According to an email the league sent to all players Monday evening — that was in turn sent to News10NBC by a player — a link on one of their website pages mistakenly re-directed browsers to a…